package org.pac4j.cas.credentials.extractor;

import java.util.Base64;
import java.util.Optional;
import java.util.zip.Inflater;
import org.jasig.cas.client.Protocol;
import org.jasig.cas.client.util.CommonUtils;
import org.pac4j.cas.config.CasConfiguration;
import org.pac4j.cas.config.CasProtocol;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.WebContextHelper;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.core.credentials.TokenCredentials;
import org.pac4j.core.credentials.extractor.CredentialsExtractor;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.core.exception.http.NoContentAction;
import org.pac4j.core.exception.http.OkAction;
import org.pac4j.core.logout.handler.LogoutHandler;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.core.util.HttpActionHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/pac4j-cas-5.4.6.jar:org/pac4j/cas/credentials/extractor/TicketAndLogoutRequestExtractor.class */
public class TicketAndLogoutRequestExtractor implements CredentialsExtractor {
    private static final int DECOMPRESSION_FACTOR = 10;
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) TicketAndLogoutRequestExtractor.class);
    protected CasConfiguration configuration;

    public TicketAndLogoutRequestExtractor(CasConfiguration casConfiguration) {
        CommonHelper.assertNotNull("configuration", casConfiguration);
        this.configuration = casConfiguration;
    }

    @Override // org.pac4j.core.credentials.extractor.CredentialsExtractor
    public Optional<Credentials> extract(WebContext webContext, SessionStore sessionStore) {
        LogoutHandler findLogoutHandler = this.configuration.findLogoutHandler();
        if (isTokenRequest(webContext)) {
            String str = getArtifactParameter(webContext).get();
            findLogoutHandler.recordSession(webContext, sessionStore, str);
            TokenCredentials tokenCredentials = new TokenCredentials(str);
            logger.debug("casCredentials: {}", tokenCredentials);
            return Optional.of(tokenCredentials);
        }
        if (isBackLogoutRequest(webContext)) {
            String str2 = webContext.getRequestParameter("logoutRequest").get();
            logger.trace("Logout request:\n{}", str2);
            String substringBetween = CommonHelper.substringBetween(str2, "SessionIndex>", "</");
            if (CommonUtils.isNotBlank(substringBetween)) {
                findLogoutHandler.destroySessionBack(webContext, sessionStore, substringBetween);
            }
            logger.debug("back logout request: no credential returned");
            throw NoContentAction.INSTANCE;
        }
        if (isFrontLogoutRequest(webContext)) {
            String uncompressLogoutMessage = uncompressLogoutMessage(webContext.getRequestParameter("logoutRequest").get());
            logger.trace("Logout request:\n{}", uncompressLogoutMessage);
            String substringBetween2 = CommonHelper.substringBetween(uncompressLogoutMessage, "SessionIndex>", "</");
            if (CommonUtils.isNotBlank(substringBetween2)) {
                findLogoutHandler.destroySessionFront(webContext, sessionStore, substringBetween2);
            }
            logger.debug("front logout request: no credential returned");
            throwFinalActionForFrontChannelLogout(webContext);
        }
        return Optional.empty();
    }

    protected boolean isTokenRequest(WebContext webContext) {
        return getArtifactParameter(webContext).isPresent();
    }

    protected Optional<String> getArtifactParameter(WebContext webContext) {
        if (this.configuration.getProtocol() == CasProtocol.SAML) {
            Optional<String> requestParameter = webContext.getRequestParameter(Protocol.SAML11.getArtifactParameterName());
            if (requestParameter.isPresent()) {
                return requestParameter;
            }
        }
        return webContext.getRequestParameter("ticket");
    }

    protected boolean isBackLogoutRequest(WebContext webContext) {
        return WebContextHelper.isPost(webContext) && !isMultipartRequest(webContext) && webContext.getRequestParameter("logoutRequest").isPresent();
    }

    protected boolean isMultipartRequest(WebContext webContext) {
        Optional<String> requestHeader = webContext.getRequestHeader("Content-Type");
        return requestHeader.isPresent() && requestHeader.get().toLowerCase().startsWith("multipart");
    }

    protected boolean isFrontLogoutRequest(WebContext webContext) {
        return WebContextHelper.isGet(webContext) && webContext.getRequestParameter("logoutRequest").isPresent();
    }

    protected String uncompressLogoutMessage(String str) {
        byte[] decode = Base64.getMimeDecoder().decode(str);
        Inflater inflater = null;
        try {
            try {
                inflater = new Inflater();
                inflater.setInput(decode);
                byte[] bArr = new byte[decode.length * 10];
                String str2 = new String(bArr, 0, inflater.inflate(bArr), "UTF-8");
                if (inflater != null) {
                    inflater.end();
                }
                return str2;
            } catch (Exception e) {
                logger.error("Unable to decompress logout message", (Throwable) e);
                throw new TechnicalException(e);
            }
        } catch (Throwable th) {
            if (inflater != null) {
                inflater.end();
            }
            throw th;
        }
    }

    protected void throwFinalActionForFrontChannelLogout(WebContext webContext) {
        Optional<String> requestParameter = webContext.getRequestParameter("RelayState");
        if (!requestParameter.isPresent()) {
            throw new OkAction("");
        }
        StringBuilder sb = new StringBuilder();
        sb.append(this.configuration.getPrefixUrl());
        if (!this.configuration.getPrefixUrl().endsWith("/")) {
            sb.append("/");
        }
        sb.append("logout?_eventId=next&");
        sb.append("RelayState");
        sb.append("=");
        sb.append(CommonUtils.urlEncode(requestParameter.get()));
        String sb2 = sb.toString();
        logger.debug("Redirection url to the CAS server: {}", sb2);
        throw HttpActionHelper.buildRedirectUrlAction(webContext, sb2);
    }
}
